Example 3. VPN between two Ingate Firewalls

Example Company, Inc. has offices in Denver and Colorado Springs. The company wants to connect the two local networks into a secure private network, using two Ingate Firewalls with VPN. All computers on both networks need to communicate with each other through the VPN connection. Only the additional VPN configuration is presented here.

The firewall at the Denver office is called Company Firewall 1. It has the IP address 10.72.1.1 on the inside and 194.137.2.50 on the outside. The computers on the office network have the IP addresses 10.72.1.2 to 10.72.1.30. A web server runs on the IP address 10.72.1.4. The router to the Internet has the IP address 194.137.2.49 on the office side. There is also a service network behind a router with the IP address 10.72.1.3. The computers on this network have the IP addresses 10.72.2.2 and 10.72.2.3.

The Colorado Springs firewall, Company Firewall 2, has three active interfaces. It has the IP address 119.168.54.41 on inside1, 192.168.72.1 on inside2 and 119.168.54.35 on the outside. The computers on the office networks have the IP addresses 119.168.54.42 to 119.168.54.46 and 192.168.72.2 to 192.168.72.15, respectively. The router to the Internet has the IP address 119.168.54.33 on the office side.

Denver office

At the Denver office, Company Firewall 1 is configured. Company Firewall 2 (Colorado Springs) is defined as an IPsec peer on the IPsec Peers page. Select Preshared secret and type the secret under Info.

Go on to the IPsec Tunnels page. In the IPsec networks table, you define the networks which should use the IPsec tunnel.

Define the IPsec tunnels for this peer. Since there are two networks at each office, there are a total of four tunnels to define, one for each combination of networks.

On the Networks and Computers page, the networks that are using VPN are defined. Please note that the remote networks that will use VPN must have '-' as the interface.

Finally, Rules for the traffic are defined. The Colorado Springs firewall is consistently used as peer when running VPN.

Colorado Springs office

The corresponding configuration is done for Company Firewall 2. First the connection is defined on the IPsec Peers page. Use the same secret under Info.

The VPN connected networks are defined on the IPsec Tunnels page. Since there are two networks at each office, there is a total of four tunnels to define, one for each combination of networks.

After that, configure the traffic under Rules as for Company Firewall 1.

The VPN connection between Company Firewall 1 and Company Firewall 2 will be established as soon as both configurations have been applied.
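The four-tunnel rule above can be checked before applying the configuration. The following Python sketch is an added example, not part of the Ingate documentation: it builds the expected tunnel set from the address ranges in the text and verifies that the tables entered on both firewalls mirror each other. The network labels and the tuple format of the tunnel tables are assumptions made for this example.

```python
from ipaddress import IPv4Address as IP
from itertools import product

# Address ranges from the text; the labels are invented for this example.
DENVER = {"denver-office": ("10.72.1.2", "10.72.1.30"),
          "denver-service": ("10.72.2.2", "10.72.2.3")}
SPRINGS = {"springs-inside1": ("119.168.54.42", "119.168.54.46"),
           "springs-inside2": ("192.168.72.2", "192.168.72.15")}

def expected_tunnels(local, remote):
    """One tunnel per (local network, remote network) combination."""
    return set(product(local, remote))

def overlaps(a, b):
    """True if two (low, high) address ranges share any address."""
    return IP(a[0]) <= IP(b[1]) and IP(b[0]) <= IP(a[1])

def check(fw1_tunnels, fw2_tunnels, site1=DENVER, site2=SPRINGS):
    """Return a list of problems; an empty list means both tables agree."""
    problems = []
    want = expected_tunnels(site1, site2)
    fw1 = set(fw1_tunnels)
    # Firewall 2 lists its own network first, so flip before comparing.
    fw2 = {(remote, local) for local, remote in fw2_tunnels}
    for name, have in (("Firewall 1", fw1), ("Firewall 2", fw2)):
        for a, b in sorted(want - have):
            problems.append(f"{name}: missing tunnel {a} <-> {b}")
        for a, b in sorted(have - want):
            problems.append(f"{name}: unexpected tunnel {a} <-> {b}")
    # A local range that overlaps a remote range cannot be told apart
    # when deciding which traffic belongs in the tunnel.
    for (n1, r1), (n2, r2) in product(site1.items(), site2.items()):
        if overlaps(r1, r2):
            problems.append(f"address overlap: {n1} and {n2}")
    return problems

if __name__ == "__main__":
    # Constructed sample tables: Firewall 2 is missing one combination.
    fw1 = sorted(expected_tunnels(DENVER, SPRINGS))
    fw2 = [(s, d) for d, s in fw1][:-1]
    for line in check(fw1, fw2) or ["tunnel tables match"]:
        print(line)
```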